b020b54fa6
Fixes the following security issues: - CVE-2024-0760: A flood of DNS messages over TCP may make the server unstable https://kb.isc.org/docs/cve-2024-0760 - CVE-2024-1737: BIND's database will be slow if a very large number of RRs exist at the same name https://kb.isc.org/docs/cve-2024-1737 - CVE-2024-1975: SIG(0) can be used to exhaust CPU resources https://kb.isc.org/docs/cve-2024-1975 - CVE-2024-4076: Assertion failure when serving both stale cache data and authoritative zone content https://kb.isc.org/docs/cve-2024-4076 Bind 9.16.x is EOL since April 2024. See here for what version should be used in production: https://kb.isc.org/docs/aa-01540 Remove patch 0001 as CC_FOR_BUILD is used in upstream code to compile host utility gen. Use BIND_AUTORECONF = YES to avoid a Debian 12 libtool bug. Otherwise rndc linking fails. See here for a bug report to bind9 project: https://gitlab.isc.org/isc-projects/bind9/-/issues/4840 See here for a changelog: https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html COPYRIGHT file has been updated, following Copyright holders were added: Copyright Joyent, Inc. and other Node contributors. All rights reserved. Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Reviewed-by: Petr Vorel <petr.vorel@gmail.com> Signed-off-by: Arnout Vandecappelle <arnout@mind.be> (cherry picked from commit c9515c8b63bc9bc84b52b731c2c72031acd240d2) [Peter: mark as security bump] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| bind.hash | ||
| bind.mk | ||
| Config.in | ||
| named.service | ||
| S81named | ||